Method for authenticating internet users

ABSTRACT

A method for authenticating the identity of a user who is attempting to access a website or conduct a transaction is described. The method involves receiving two geographical locations, and associated time stamps, of a mobile phone associated with the user, one of the locations being the location of the transaction or access attempt. The method determines whether the speed required to travel between the two geographical locations in the elapsed time is within acceptable limits. A confidence score, derived in part from this calculation, is taken into account when deciding whether to allow or deny the access or the transaction.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent applicationSer. No. 17/592,528, filed Feb. 4, 2022, which is a continuation-in-partof U.S. patent application Ser. No. 16/724,361, filed Dec. 22, 2019, nowU.S. Pat. No. 11,308,477.

Application Ser. No. 16/724,361 is a continuation-in-part of U.S. patentapplication Ser. No. 15/787,805, filed Oct. 19, 2017, now U.S. Pat. No.10,521,786, which is a continuation-in-part of U.S. patent applicationSer. No. 15/606,270, filed May 26, 2017, now U.S. Pat. No. 10,289,833,which is a continuation-in-part of U.S. patent application Ser. No.15/134,545, filed Apr. 21, 2016, now U.S. Pat. No. 9,727,867, which is acontinuation-in-part of U.S. patent application Ser. No. 14/835,707,filed Aug. 25, 2015, now U.S. Pat. No. 9,391,985, which is acontinuation-in-part of U.S. patent application Ser. No. 14/479,266,filed Sep. 5, 2014 and now abandoned, which is a continuation-in-part ofU.S. patent application Ser. No. 14/145,862, filed Dec. 31, 2013, nowU.S. Pat. No. 9,033,225, which is a continuation-in-part of U.S. patentapplication Ser. No. 13/479,235, filed May 23, 2012, now U.S. Pat. No.8,770,477, which is a continuation-in-part of U.S. patent applicationSer. No. 13/065,691 filed Mar. 28, 2011, now U.S. Pat. No. 8,640,197,which is a continuation-in-part of U.S. patent application Ser. No.12/260,065 filed on Oct. 28, 2008 and now abandoned, which is acontinuation-in-part of U.S. patent application Ser. No. 11/346,240filed on Feb. 3, 2006, now U.S. Pat. No. 7,503,489, which in turn claimspriority from U.S. provisional application No. 60/674,709, filed Apr.26, 2005.

U.S. patent application Ser. No. 13/065,691 is also acontinuation-in-part of U.S. patent application Ser. No. 12/357,380,filed on Jan. 21, 2009, now U.S. Pat. No. 8,656,458, which is acontinuation-in-part of U.S. patent application Ser. No. 11/405,789filed on Apr. 18, 2006, now U.S. Pat. No. 8,590,007, which in turnclaims priority from U.S. provisional application No. 60/711,346, filedon Aug. 25, 2005.

U.S. application Ser. No. 13/065,691 is also a continuation-in-part ofU.S. patent application Ser. No. 12/600,808, filed on May 29, 2007, nowU.S. Pat. No. 8,370,909, which in turn is a 371 (National Stage in theUS) of PCT/US07/012552 filed May 29, 2007.

U.S. application Ser. No. 13/479,235 is also a continuation-in-part ofU.S. patent application Ser. No. 13/290,988, filed on Nov. 7, 2011, nowU.S. Pat. No. 8,413,898, which in turn is a divisional of U.S.application Ser. No. 12/260,065, supra.

FIELD OF THE INVENTION

This invention relates to a method and system for monitoring electronicpurchases.

BACKGROUND OF THE INVENTION

As credit card and debit card purchases have expanded both in number andin the methods by which they can be accomplished, particularlyelectronic purchases, the opportunity for fraudulent, invalid orunauthorized purchases has increased. The expansion of such purchaseopportunities has resulted in an increase in monetary losses to sellers,merchants, financial institutions and authorized holders of theauthorized credit card and debit cards. In response, methods and systemshave been developed to reduce the number of fraudulent purchases throughverification processes and systems.

An example of a method of increasing the security of payments made bycredit and cash cards is set forth in U.S. Patent Publication No.20040073519.

Another example of a method of increasing the security of payments madeby credit and cash cards is set forth in U.S. Patent Publication No.20040254868.

A cellular telephone location system for automatically recording thelocation of one or more mobile cellular telephones is described, forexample, in U.S. Pat. No. 5,327,144. The system comprises a central sitesystem operatively coupled to at least three cell sites. Each of thecell sites receives cellular telephone signals and integrates a timingsignal common to all the cell sites. The central site calculatesdifferences in times of arrival of the cellular telephone signalsarriving among the cell sites and thereby calculates the position of thecellular telephone producing the cellular telephone signals. Additionalexamples of known methods for locating phones are cell sector and cellsite. The full disclosure of U.S. Pat. No. 5,327,144 is herebyincorporated by reference in its entirety.

The Federal Communications Commission (FCC) has recently mandatedwireless Enhanced 911 (E911) rules to improve the effectiveness andreliability of wireless 911 service by providing 911 dispatchers withadditional information on wireless 911 calls. According to the FCCwebsite, the wireless E911 program is divided into two part—Phase I andPhase II. Phase I requires carriers, upon appropriate request by a localPublic Safety Answering Point (PSAP), to report the telephone number ofa wireless 911 caller and the location of the antenna that received thecall. Phase II requires wireless carriers to provide far more preciselocation information, within 50 to 300 meters in most cases. Thedeployment of E911 requires the development of new technologies andupgrades to local 911 PSAPs, as well as coordination among public safetyagencies, wireless carriers, technology vendors, equipmentmanufacturers, and local wireline carriers. The FCC established afour-year rollout schedule for Phase II, beginning Oct. 1, 2001 and tobe completed by Dec. 31, 2005.

SUMMARY OF THE INVENTION

A method for facilitating the detection of misuse of an identity duringan electronic transaction. The present invention comprises at least fiveembodiments. In a first embodiment, the method comprises the steps of:receiving a notification to authenticate the use of an identity at afirst location, wherein the identity is associated with a first wirelessterminal; determining an approximate location of the first wirelessterminal based on cached position information, the approximate locationof the first wireless terminal being a second location; determiningwhether the first and second locations match in geographical proximity;and generating an alert if the first and second locations do not matchin geographical proximity. In a second embodiment, an approximatelocation of the first wireless terminal is determined based on cachedposition information stored on a GPS position database.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic block diagram showing exemplary hardware elementsthat can enable the practice of the various embodiments of the presentinvention.

FIG. 2 shows a schematic block diagram of an exemplary first wirelessterminal fitted with a GPS receiver operatively coupled to an inertialnavigation system according to one aspect of the present invention.

FIG. 3 shows a non-limiting example of a user registration processaccording to one aspect of the present invention.

FIG. 4 shows a non-limiting flow chart of one embodiment of theinvention.

It should be understood that the attached figures are not intended tolimit the scope of the present invention in any way.

DETAILED DESCRIPTION OF THE INVENTION

This invention relates to a method and system for monitoring electronictransactions. In general terms, in one aspect of the invention a useridentity (such as the user's credit card, cash card, etc.) is associatedwith a first wireless terminal, e.g., the user's cell phone. Theposition of the user's cell phone is determined at intervals and cached(i.e., archived) to provide a stream of regularly updatedpre-transaction positions. Each cached pre-transaction position can bestored on a remote position database (PDB) or on the user's cell phone.If the user's identity such as the user's credit or cash card is laterused, for example, at a point of sale (POS) electronic terminal having aknown location (being a first location), the invention detects the useof the user's credit card (i.e., identity) at the first location andcompares the first location with the most recent cached position of theuser's cell phone (now treated as a pre-transaction position to providea second location for comparison). Specifically, a determination is madeas to whether the first and second locations match in geographicalproximity. If the first and second locations do not match ingeographical proximity, the invention generates an alert or advisorymessage that is communicated to a predetermined notification device,such as the user's email account, a POS electronic terminal, a financialinstitution's computers or offices (such as the user's credit cardcompany's computers, etc.). The alert can also be a reply message forblocking an associated electronic transaction at the first location.

The invention can be adjusted such that as each new pre-transactionposition corresponding to the user's cell phone becomes available, thenew pre-transaction position can be used to overwrite the currentlyarchived pre-transaction position to prevent illicit or unauthorizedtracking of the user's movements.

In another aspect of the invention, if the latest archivedpre-transaction location (i.e., second location) and known POS location(i.e., first location) don't match, a post-transaction position (being athird location) of the user's cell phone is obtained and compared to theknown first location and an alert generated if the post-transactionlocation (third location) and known POS location (first location) do notmatch in geographical proximity. Such matching can be based on apredetermined distance. For example, if the post-transaction location ofthe user's cell phone is determined to be more than 5 miles from theknown POS location, an alert is generated and communicated to apredetermined device such as the user's cell phone and/or email address,and/or to an appropriate financial institution such as the user's bankor a credit card company's computers, the user's wireless personaldigital assistant or a user's wireless enabled laptop, etc. Thus, if theactual position of the user's cell phone is not available at about thetime of the transaction, the pre or post-transaction position of theuser's cell phone can be used to determine if an alert is warranted.

For example, the user's cell phone may include a GPS receiver capable ofdetermining the position of the user's cell phone, but only if theuser's GPS capable cell phone is able to receive GPS signals necessaryto calculate the location of the user's cell phone. GPS signals aretransmitted by dedicated satellites and are often not strong enough tobe received inside buildings where many ATM and POS terminals arelocated. The invention provides a non-obvious way of monitoring the useof one or more identities (such as a credit card or cash card number)associated with a user regardless of the ability of a user's cell phoneto pick up GPS signals at the time of transaction (i.e., when the user'sidentity is used to authorize a transaction).

Specifically, through such monitoring, the invention facilitates thedetection of a possible fraudulent or an invalid electronic purchaseinvolving the use of a user's identity, for example, a credit card,debit card or any other kind of electronic payment or purchase systemincluding biometric based purchases. Upon detection of suspect purchaseor transaction (such as a cash withdrawal at an ATM), an advisorymessage is communicated to a predetermined notification device. Theintent of this invention is to provide an alert upon detection of aninappropriate purchase or transaction.

The invention is now described in more detail.

It should be understood that the term “wireless terminal” (and itsderivatives such as “first wireless terminal”), as used in the contextof the present invention, applies to any device capable of communicatingwith a wireless network or cellular system. A non-limiting example of afirst wireless terminal includes a cellular telephone (sometimesreferred to as a cell phone or a wireless phone). Other non-limitingexamples include any device that has been modified or designed tocommunicate with a wireless network including, but not limited to: aPersonal Digital Assistant (“PDA”), such as a WiFi capable PDA, or awireless Blackberry (such as the Blackberry 7520 model).

The predetermined notification device can be any suitable device capableof receiving communications directly or indirectly from a wirelessnetwork, such as, but not limited to: a first mobile terminal, a secondmobile terminal, a Personal Digital Assistant (PDA) capable ofcommunicating with a wireless network, a laptop computer capable ofcommunicating with a wireless network, a message server, and an emailserver, an electronic terminal 120, alone or in combination. An alertsent to an electronic terminal 120 at the first location, wherein thealert prevents a transaction associated with the identity

The position of a mobile terminal can be determined by, for example, aninternal positioning apparatus and an external position apparatus, aloneor in combination. Examples of internal positioning apparatus include aGPS receiver built into the mobile terminal that receives GlobalPositioning System (“GPS”) radio signals transmitted from GPSsatellites. The GPS system can be supplemented with an INS (inertialnavigation system) also built into the mobile terminal (see FIG. 2 ).

The external positioning apparatus can be a cellular positioning systemthat computes the position of the mobile terminal by observing timedifferences among the arrivals of a radio signal transmitted by themobile terminal at a plurality of observation points, i.e., basestations, which typically form part of the wireless network.Alternatively, the external positioning apparatus could be a single basestation that the mobile terminal is in contact with. Each base stationhas a particular base station ID and a location associated with the basestation ID. Thus, the location of a mobile terminal can be approximatedto the actual location of a base station, but given that the typicalarea covered by a base station is often about one kilometer, it isdifficult to accurately determine the position of the mobile terminal.

The role of base stations in wireless networks is described, forexample, in “Cellular Radio Systems”, published by Artech House, Boston(editors: D. M. Balston and R. C. V. Macario; ISBN: 0-89006-646-9);“Digital Cellular Radio” written by G. Calhoun and published by ArtechHouse, Boston (ISBN: 0-89006-266-8). “Cellular Radio Systems” and“Digital Cellular Radio” are hereby incorporated by reference in theirentirety.

The position of a mobile terminal can also be tracked using externalRFID tags (Radio Frequency Identification tags) in combination with anRFID reader built into the mobile terminal. How RFID tags and readerswork is described in U.S. Patent Publication No. 20050143916 publishedJun. 30, 2005 to Kim, In-Jun, et al. U.S. Patent Publication No.20050143916 is incorporated by reference herein in its entirety.

In a first embodiment of the present invention, a method is provided forfacilitating the detection of misuse of an identity during an electronictransaction. The first embodiment comprises the steps of: receiving anotification to authenticate the use of an identity at a first location,wherein the identity is associated with a first wireless terminal;determining an approximate location of the first wireless terminal basedon cached position information, the approximate location of the firstwireless terminal being a second location; determining whether the firstand second locations match in geographical proximity; and generating analert if the first and second locations do not match in geographicalproximity.

The cached position information can be cached GPS position informationstored on the first wireless terminal. The step of determining thesecond location can further comprise the step of updating the cachedposition information with an inertial navigation system correctionperformed by the first wireless terminal to provide an updated locationof the first wireless terminal, the updated location being the secondlocation.

In one aspect of the first embodiment, the step of determining thesecond location further comprises the step of detecting whether GPSsignals are being received by the first wireless terminal to determine apost-transaction location of the first wireless terminal, thepost-transaction location being the second location. The step ofdetecting whether sufficient GPS signals are being received by the firstwireless terminal for the first terminal to determine a post-transactionis only performed if cached position information is not stored on thefirst wireless terminal or if the cached position information is stale.The cached position information is regarded as stale if the informationhas not been updated for a predetermined time period, e.g., has not beenwithin the last 30 minutes, 15 minutes or last 5 minutes. Thepredetermined time period defining when the cached position informationis stale can vary and may be factory set or optionally set by the owneror user of the identity.

The first wireless terminal can be any device that can wirelesslycommunicate with a network, such as a cell phone, which can communicatewirelessly with a wireless network. Examples of suppliers of cell phonesare Nokia, Motorola, and Ericsson. The terms “cell” and “cellular” areregarded as equivalent terms.

The identity can be a credit card number, an account number, a debitcard identification number, a driver's license number, a name andaddress, a social security number, a telephone number, a finger print,an iris scan identity, a retina scan identity, and a membership identity(such as a membership password), alone or in combination. The identitycan also be any suitable biometric identity, such as a fingerprint, aniris scan identity and a retina scan identity, alone or in combination.

With respect to the notification associated with the use of the identityat the first location, the notification can be generated, for example,by an electronic transaction device (such as a credit card reader at arestaurant, an ATM machine such as a cash-withdrawal terminal thatincorporates a card reader) at the first location or by, for example, acredit card company in communication with the electronic device at thefirst location.

It should be understood that the electronic transaction device could beany suitable device where the identity can be entered for the purpose ofperforming an electronic transaction. For example, a credit card with acredit card number can be read by the electronic device, and the creditcard number communicated to the credit card company associated with thecredit card, and in response the credit card company generates anotification, which is routed to the first wireless terminal. Inresponse to receiving the notification, the first wireless terminaldetermines its location based on cached position information stored onthe first wireless terminal or if the cached location information isstale requesting the first wireless terminal to provide a freshlocation.

Referring to the invention in general, the generated alert can take anysuitable form. For example, the alert can be an advisory message, whichis communicated to at least one predetermined device. The at least onepredetermined device could be the first wireless terminal and/or asecond wireless terminal, wherein the first wireless terminal alsoacting as the predetermined device could be a cell phone. Thepredetermined device can be any suitable device, such as a PersonalDigital Assistant (PDA) and/or a laptop capable of communicating with awireless network and/or receiving emails, and a message server. Anexample of a message server is a server accessible via theworld-wide-web (WWW) and which stores messages for downloading by, forexample, a wireless capable laptop with authorization to access themessage server. The message server could be an email server programmedto store and/or forward emails to subscribers. Other examples of messageservers include the hotmail email system and the webmail serviceprovided by Google called Gmail.

Alternatively, the generated alert can be routed to the user's emailaddress recorded during a previous registration of the identity.Alternatively, the alert is a reply message, such as a non-authorizationmessage, for blocking an associated electronic transaction at the firstlocation, and more particularly for blocking a transaction at the firstlocation associated with the identity. It should be understood that theidentity may not be limited to one identity, but could encompass one ormore identities such as a user's credit card number together with theuser's email address, social security number, phone number, residentialaddress or phone number. Thus, a card reader may read a user's creditcard and the user asked to enter or otherwise provide their emailaddress or phone number. Some retail outlets routinely ask customers fortheir home phone number and/or address.

In one aspect of the invention, the use of an identity is associatedwith a first time stamp. The first time stamp corresponds to the time ofthe associated electronic transaction (or attempted electronictransaction) performed at a first location, and wherein the step ofreading a cached location is associated with a second time stamp. Thespeed can be calculated based on the distance between the first andsecond locations and the time difference between the first and secondtime stamps such that the first and second locations are judged not tomatch in geographical proximity if the speed is above a predeterminedvalue. Thus, if the speed to travel between the first and secondlocations is calculated to be about 1000 mph, and the predeterminedvalue is set at 40 mph, an alert would be generated.

In another aspect of the first embodiment, if the first and secondlocations do not match in geographical proximity, then a confidencescore is calculated to determine if the position mismatch with respectto the first and second locations is acceptable or unacceptable, and thealert is only generated if the confidence score is below a predeterminedthreshold. In addition to the time and distance difference, the systemcan also use additional factors to derive the confidence score. Thesefactors can be weather conditions, time of day, day of year, urbanmakeup (e.g. a suburb area versus a downtown area), etc.

In still another aspect of the first embodiment, the step of determiningthe second location further comprises the step of detecting a WiFiUnique ID associated with the position of the first wireless terminal,and converting the WiFi unique ID into a post-transaction location forthe first wireless terminal, the post-transaction location being thesecond location, wherein the step of detecting a WiFi Unique ID is onlyperformed if cached position information is not stored on the firstwireless terminal. For example, if the wireless terminal lacks cachedposition information and the first wireless terminal is able to detect aWiFi unique ID, then the WiFi unique ID, which is used to determine theposition of the first wireless terminal. This might entail accessing adatabase that matches a WiFi's unique ID (i.e., identity such as, butnot limited to, an Internet media-access-control (MAC) address) withknown positions corresponding to each WiFi unique ID. This databasemight be stored, for example, on a ≤1.5″ hard drive (i.e., a less-thanor equal to 1.5 inch hard drive) or on a large capacity memory chipfitted to the first wireless terminal 160.

In still another aspect of the first embodiment, the step of determiningthe second location further comprises the step of detecting a WiMAXUnique ID associated with the position of the first terminal, andconverting the WiMAX Unique ID into a post-transaction location for thefirst wireless terminal, the post-transaction location being the secondlocation, wherein the step of detecting a WiMAX Unique ID is onlyperformed if cached position information is not stored on the firstwireless terminal. Alternatively, the step of detecting a WiMAX UniqueID is only performed if the cached position information is stale,wherein the cached position information is regarded as stale if theinformation has not been updated for a predetermined time period.

In still another aspect of the first embodiment, the step of determiningthe second location further comprises the step of obtaining apost-transaction position for the first wireless terminal as soon as thefirst wireless terminal is able to receive GPS signals to calculate itspost-transaction position, the post-transaction position being thesecond location, wherein the step of obtaining a post-transactionposition is only performed if cached position information is not storedon the first wireless terminal.

In still another aspect of the first embodiment, the step of determiningthe second location further comprises the step of obtaining apost-transaction position for the first wireless terminal as soon as thefirst wireless terminal is able to receive GPS signals to calculate itspost-transaction position, the post-transaction position being thesecond location, wherein the step of obtaining a post-transactionposition is only performed if the cached position information is stale,wherein the cached position information is regarded as stale if theinformation has not been updated for a predetermined time period.

In a second embodiment of the present invention, a method is providedfor facilitating the detection of misuse of an identity during anelectronic transaction. The second embodiment comprises the steps of:receiving a notification to authenticate the use of an identity at afirst location, wherein the identity is associated with a first wirelessterminal; determining an approximate location of the first wirelessterminal based on cached position information stored on a GPS positiondatabase, wherein the GPS position database is operatively connected toa wireless provider 180 and/or a financial institution's computers 140,the approximate location of the first wireless terminal being a secondlocation; determining whether the first and second locations match ingeographical proximity; and generating an alert if the first and secondlocations do not match in geographical proximity.

In a third embodiment of the present invention, a method is provided forfacilitating the detection of misuse of an identity during an electronictransaction, comprising the steps of: receiving a notification toauthenticate the use of an identity at a first location, wherein theidentity is associated with a first wireless terminal; reading a cachedlocation of the first wireless terminal based on cached positioninformation stored on the first wireless terminal, the location of thefirst wireless terminal being a second location; determining whether thefirst and second locations match in geographical proximity; determininga post-transaction location of the first wireless terminal if the firstand second locations do not match in geographical proximity, thepost-transaction location of the first wireless terminal being a thirdlocation; and generating an alert if: (1) the first and second locationsdo not match in geographical proximity and (2) the first and thirdlocations do not match in geographical proximity.

Referring to the invention in general and with reference to the thirdembodiment, the post-transaction location can be obtained, for example,by processing GPS signals received by the first wireless terminal 160within a reasonable time after the transaction (referred to hereinafteras “post-transaction GPS signals”). Post-transaction location can alsobe obtained, for example, using WiFi unique ID (if available) or WiMaxunique ID. Alternatively, the post-transaction location can be obtainedby using an inertial navigation module (INM) 400 (discussed infra) toconvert the most recent cached location into a post-transaction locationfor the first wireless terminal, wherein updating the most recent cachedposition of the INM module is integrated into the design of the firstwireless terminal (see, e.g., FIG. 3 ). Thus, the post-transactionlocation can be determined based on a method selected from the groupconsisting of: processing post-transaction GPS signals, WiFi unique ID,and WiMax unique ID, and any combination thereof.

In a fourth embodiment of the present invention, a method is providedfor facilitating the detection of misuse of an identity during anelectronic transaction, comprising the steps of: receiving anotification to authenticate the use of an identity at a first location,wherein the identity is associated with a first wireless terminal;reading a cached location of the first wireless terminal based on cachedposition information stored on the first wireless terminal, the locationof the first wireless location being a second location; determiningwhether the first and second locations match in geographical proximity;determining the post-transaction location of the first wireless terminalif the first and second locations do not match in geographicalproximity, the post-transaction location of the first wireless terminalbeing a third location; determining a post-transaction position of thefirst wireless terminal if (1) the first and second positions do notmatch in geographical proximity and (2) it is not possible to determinethe post-transaction location, wherein the post-transaction position istreated as the third location; and generating an alert if: (1) the firstand second locations do not match in geographical proximity and (2) thefirst and third locations do not match in geographical proximity.

FIG. 1 is a schematic block diagram showing exemplary hardware elementsthat can enable the practice of the various embodiments of the presentinvention. An electronic transaction terminal is shown at 120. Theelectronic transaction terminal 120 can be, for example, a credit and/ordebit card terminal located at a first location such as a point of salelocation inside a retail store, i.e., at a known first location.Alternatively, the terminal 120 could be a credit/debit card terminallinked to a cash register (not shown) or the terminal 120 could be aregular ATM (automatic teller machine) for dispensing cash to registeredholders of cash cards. In other words, the terminal 120 can take variousforms without detracting from the spirit of the present invention. Ifthe first and second locations do not match in geographical proximity,the alert can be a reply message for blocking an associated electronictransaction at the first location.

The terminal 120 is operatively coupled to a financial institution'scomputers 140 such as a credit card company's computers or a bank'scomputers if, for example, terminal 120 is an ATM and used for cashwithdrawals). The financial institution's computers 140 are thosecomputers authorized to process the user's financial transactions. Thefinancial institution's computers 140 are in turn able to communicatewith a first wireless terminal 160 via a wireless provider 180 and,based on signal strength, the nearest base station 170 to the firstwireless terminal 160. Examples of credit card companies include Visa,Discover, American Express, MasterCard, and Eurocard. Examples ofwireless providers include Sprint, Verizon and T-Mobile.

An optional position database (PDB) 300 can be operatively coupled tothe wireless provider 180. Alternatively, PDB 300 can be operativelycoupled to the financial institution's computer 140. The PDB 300 can beoperatively coupled to more than one element such as wireless provider180 and financial institution's computers 140. The PDB 300 can bedirectly or indirectly linked to wireless provider 180 and/or financialinstitution's computers 140. The terms “coupled” or “operativelycoupled” are intended to cover both direct and indirect links.Pre-transaction and/or post-transaction positions with respect to thefirst wireless terminal 160 can be stored on the PDB 300. The PDB 300can store positions derived from any known position determinationtechnique such as, but not limited to, GPS position data derived from aGPS receiver 200 located on the first wireless terminal 160 (see, e.g.,FIG. 2 ).

The optional PDB 300 can, for example, archive or cache a positionhistory of the first wireless terminal 160. Thus, if the first wirelessterminal 160 is unable to receive GPS signals or is switched off, theoptional position database 300 can be accessed to provide the latestavailable position of the first wireless terminal 160, i.e., in thisscenario, the first wireless terminal 160 uploads its position atpredetermined intervals to the wireless vendor 180 and thence to theposition database 300.

Alternatively, positions based on previously received GPS signals can bestored in a memory 320 integrated with the first wireless terminal 180.The memory 320 can be any suitable memory such as, but not limited to: aRAM chip, a floppy disk, a hard disk drive such as an iPod batterypowered 1.8-inch 60 GB hard disk drive or the anticipated 0.85 inch 3 GBhard disc drive, a CD-ROM, and a DVD-ROM, any known memory oranticipated memory option, alone or in combination.

In FIG. 1 , the wireless terminal 160 is a cell phone fitted with a GPSreceiver 200. The first wireless terminal can also include memory forstoring cached positions, i.e., a history of the positions of the firstwireless terminal, so that if the wireless terminal is required tosupply its post-transaction position but is unable to do so, perhapsbecause the first wireless terminal is unable to receive GPS signals,then the latest cached position can be used. The first wireless terminal160 can be a GPS enabled cell phone as shown, or any wireless terminalcapable of communication with a wireless provider such as a Blackberryin combination with a GPS receiver.

Still referring to FIG. 1 , terminal 120 includes a card reader 240 forreading a credit card 260. An identity in the form of a credit cardnumber and details are stored on a magnetic strip 280 and are read bythe card reader 240. It should be understood that the magnetic strip 280could be replaced with any known or future technology, e.g., a smartchip embedded in a credit or debit card, which can be read by, forexample, waving the card near a card reader enabled to so read creditand/or debit cards fitted with smart chips.

At any point after the identity has been read by terminal 120, anotification can be generated by the electronic terminal 120 or otherdevice operatively coupled to the terminal 120, and/or the credit cardcompany's or bank's computers 140. One or more notifications can begenerated by, for example, the electronic transaction terminal 120 andthe credit card company's or bank's computers 140, alone or incombination. The notification acts as a trigger wherein thepost-transaction or cached position of the first wireless terminal 160(treated as the second position) is determined and compared to theposition of the electronic transaction terminal 120 (regarded as thefirst position). More specifically, a check is made to determine if thefirst and second positions match in geographical proximity. The task ofdetermining if the first and second positions match in geographicalproximity can be done by one or more elements such as, but not limitedto, the first wireless terminal 160, the wireless provider 180 and thecomputers 140, the electronic transaction terminal 120 (or an optionalprocessor 130 operatively coupled to the terminal 120), alone or incombination. If the computers 140, first wireless terminal 160, wirelessprovider 180, alone or in combination, is/are tasked to determine if thefirst and second positions match in geographical proximity, then thenotification should include data representative of the first position ofthe electronic transaction terminal 120.

While wireless terminals (e.g., wireless mobile terminals such as cellphones) having a GPS receiver combined with a communication systemcapable of communicating with a base station are known (e.g., U.S. Pat.No. 5,945,944 describes such a device), the prior art does not teach amethod and system for monitoring electronic purchases andcash-withdrawals of the present invention. U.S. Pat. No. 5,945,944,issued Aug. 31, 1999 to N. F. Krasner, is herein incorporated byreference in its entirety.

In another embodiment, a GPS receiver 200 operatively coupled to aminiature inertial navigation module (INM) 400. FIG. 2 shows a schematicblock diagram of an exemplary first wireless terminal 160 fitted with aGPS receiver 200 operatively coupled to an INM 400. The GPS receiver andINM combination can be housed inside the housing 165 of the firstwireless terminal. Suppliers of miniature inertial navigation hardwareinclude Analog Devices Inc. and Comarco, Inc. (and more particularly itssubsidiary Comarco Wireless Technologies (CWT) of Irvine, Calif 92618,USA). CWT miniature inertial modules are capable of precision positionmeasurements in buildings and urban canyons and, when combined with aGPS receiver 200, can determine the position of a first wirelessterminal 160 with a high degree of accuracy and reliability.

INM technology in the form of silicon is available, for example, fromAnalog Devices Inc. (ADI). The ADI ADXL103 (a 5 mm×5 mm×2 mm LCCpackage), which is a high accuracy, high stability, low cost, low power,complete single axis accelerometer with a signal conditioned voltageoutput, all on a single monolithic IC. The ADXL213 supplied by ADI is aprecision, low power, complete dual axis accelerometer with signalconditioned, duty cycle modulated outputs, on a single monolithicintegrated chip (IC) measuring 5 mm×5 mm×2 mm. Also, ADI's ADXL311 is alow cost, low power, complete dual axis accelerometer with signalconditioned voltage outputs, all on a single monolithic IC of dimensionsof just 5 mm×5 mm×2 mm. In addition, ADI's ADXRS401 is a low-costcomplete ultra small and light (<0.15 cc, <0.5 gram) angularrate-sensing gyroscope capable of measuring up to 75 degrees per secondwith all of the required electronics on a single chip.

WORKING EXAMPLE

The following is a non-limiting working example of a fifth embodiment ofthe present invention. A credit card customer agrees to be locatable viahis or her mobile phone provider and registers a credit card or debitcard (hereinafter “credit card”) in such a manner that the user's creditcard is associated with at least one mobile terminal. The process ofregistering a credit card in a Location-Based Fraud Protection (“LBFP”)System involves a financial institution which partners with one or moremobile phone or wireless providers that provide mobile geographicallocation(s). A mobile phone provider agrees, usually for a fee, torelease the location of a subscriber who, in order to comply withprivacy laws, authorizes this action. The financial institution, usingthe LBFP system, can register its clients using the following method (asshown in FIG. 3 ): sending a letter or calling the client, andrequesting the client to call a toll-free number from his cell phone.Using the caller's ID, the LBFP system will require at least twoidentifying numbers. These identifying numbers can be the last 4 digitsof the credit card and the home address zip code. Once the customerenters these numbers, the LBFP system will communicate these details tothe client's financial institution for verification. For added security,the LBFP system can also challenge the client by sending a 4-digit SMSrandom number to the cell phone and asking the client to enter it usinghis phone keypad. If verified, the LBFP system will be able to associatethe correct credit card with the customer's cell phone number. The LBFPsystem will then check to see if the client's cell phone carrierparticipates in this program. If it does, the LBFP will successfully addthe client to its database (as described in the next paragraph) forcredit card transaction monitoring. The LBFP system can then provide anoptional unique PIN to the client so that he can access the LBFP website to further custom the alerting logic. In turn, this customizationcan further increase the accuracy of the LBFP system. For example, theclient can add known locations to be used when an online transactiontakes place. Known locations can be a work address, relative/friend'saddress, etc. Using these addresses will increase the LBFP accuracy whena customer uses a credit card online by comparing known locations withclient's cell phone location at the approximate time of the onlinetransaction.

The financial institution stores in a database the subscriber customer(hereinafter “subscriber”) details. For example, the subscriber's firstand last name (stored as a type UTF-8 characters), Mobilecarrier/Wireless provider code (e.g., Sprint-1, Nextel-2) stored as typeInteger number, 10-digit Mobile phone number (3-digit area code and7-digit phone number, stored as type Integer number), and ID number thatis associated with the financial institution's subscriber's ID number(stored as type Integer number), such cross-reference number acting as asecurity measure whereby no personal information (SSN, credit cardnumber) is stored in such database.

After registration, each time a subscriber uses the credit card, at thetime of a purchase transaction or near to that time, the financialinstitution will contact the LBFP System servers via a secure encryptionlink (e.g., SSL/SSH/VPN. With no personal information of the subscriberbeing transmitted, the financial institution provides the date oftransaction, time of transaction, address of the business where thetransaction took place, type of transaction (online or physical) and thesubscriber's ID number. The LBFP servers will then initiate a requestvia secure TCP/IP link (e.g., SSL/SSH/VPN) to the subscriber's mobilephone provider requesting the subscriber's post-transaction location,heading and/or speed (see FIG. 4 ). The actual physical location of theLBFP System does not matter. The LBFP System can be located on thefinancial institution's premises or at a distance therefrom. If at adistance from the LBFP System, the financial institution can be linkedto it via a secure network link (e.g. VPN/SSh/SSL).

When the client uses his or her credit card, the LBFP System receivesthe purchase information from the financial institution, itcross-references the identifying item from the financial institutionwith the subscriber's unique carrier ID (e.g., cell phone number).

After the LBFP System finds the subscriber's unique carrier ID (orrelated information), it will then request the subscriber's last knownlocation from the subscriber's carrier. Each carrier has specific meansfor interfacing with and providing this information. It is sometimescalled API, which are known programming methods to execute specificfunctions. As a practical matter, the LBFP System, or the financialinstitution, will create a relationship and interface with the carrierahead of time in order to obtain this information electronically. TheLBFP System can interface with multiple carriers and multiple financialinstitutions.

There are at least four (4) possible outcomes from the application ofthe above procedure, namely, (1) unable to locate the cell phone (cellphone out or range, turned off, or other reason that the cell phonecannot be located), (2) able to locate the cell phone—the cell phone isnot at home, work or other known location, (3) able to locate the cellphone—the cell phone is at home, work or other known location, the“known location” being the location, in addition to client's homeaddress, where the client usually resides (i.e., work, familyaddresses), these locations are optional and normally would be enteredby the client at registration (see registration process above for moredetails), (4) able to locate phone with a timestamp prior to thepurchase/transaction time.

With respect to each of the at least three (3) possible outcomes, adecision (score) table is created using at least the parameters:ΔD=distance between Location of Mobile phone and Location of PurchasePoint, and ΔT=difference between Time located phone and Time oftransaction, among potential parameters. The LBFP system may useadditional factors to arrive at a final score/Fraud Confidence Level(“FCL”). These factors include a client's heading, speed, urbantype/density, time of day, day of week, weather conditions, etc. As toΔD, the time can range from 0 to 30 kilometers or more. As to ΔT, thetime can range from 0 to 30 minutes or more. Depending upon thesensitivity desired for questioning whether a credit card purchase isvalid, Fraud Confidence Level (“FCL”) values are assigned within theLBFP System for each credit card transaction. When an FCL is calculatedby the LBFP System to be above a threshold value, a flag will be raisedas to a valid transaction. Alternatively, when an FCL is calculated bythe LBFP System to be below a threshold value, a flag is raised as to apotentially fraudulent credit card use.

For example, in the case of outcome (1), if the wireless provider isunable to locate the cell phone (no coverage, turned off, etc.), theLBFP System will switch into “search mode” as follows: (a) the systemwill keep attempting to locate the cell phone every 10 minutes for thenext 30 minutes, or (b) if the location is determined within 30 minutesafter the purchase transaction took place, the LBFP system willcalculate the distance between the purchase location and the mobilephone location using an exemplar Table 1 to determine an FCL.

TABLE 1 If the location of cell phone is within a distance (Km) of theThe LBFP System tags purchase point and within 20 the transaction withan minutes of the transaction FCL of 1/2  3 1  4 5  5 10  6 15  7 20  825  9 >30 10

In the case of outcome (2)—if the LBFP System was able to locate thecell phone, though the cell phone is not at home, namely, the locationof the cell phone was found within 10 minutes after the purchasetransaction took place and the purchase type is physical (notonline/internet), the LBFP System will calculate the distance betweenthe purchase location or sale point and the mobile phone location usingan exemplar Table 2 to determine an FCL.

TABLE 2 If the location of cell phone is within a distance (Km) of thepurchase point and within 10 minutes of the The LBFP System tags thetransaction transaction with an FCL of 1/2  3 1  4 5  5 10  8 >10 10

In the case of outcome (3)—the LBFP System will calculate the distancedifference between the customer's known home, work or other knownaddress and the location of the cell phone. If the LBFP System was ableto locate the cell phone with the cell phone being at the above knownlocations, within 10 minutes after the purchase transaction took placeAND the purchase type is online/internet, the LBFP System will calculatethe distance between the above known locations and the mobile phonelocation using an example Table 3 to determine an FCL.

TABLE 3 If the location of cell phone is within a distance (Km) of theThe LBFP System purchase point and within 10 tags the transactionminutes of the transaction with an FCL of 1/2  4 1  5 5  6 10  8 >10 19

In the case of outcome (4)—a customer purchased goods or service from aphysical location (e.g., store) and the LBFP System is unable to locatethe cell phone. There may be situations whereby the wireless providerwas able to acquire the customer's location prior to the purchase andstore it in a temporary database. If the timestamp is close to thepurchase time and the LBFP system is unable to get a newer location fix,then, in that case, the LBFP system may use the cached locationinformation and ΔT to calculate the FCL using a scoring table similar totable 1. The cached location information can be either the locationinformation stored on the location server or on the MT.

In addition to the above data, the LBFP system may use additionalfactors in order to calculate the LFC/fraud score. These factors may be:time of day, day of the week, urban make (a suburb vs. downtown),weather conditions and traffic condition, among others. This is true forall possible scenarios.

With respect to an online purchase, such as a purchase from the onlinecompany Amazon.com®, the LBFP System may either know in advance, or atthe time of the purchase, the frequent or usual address of thepurchaser, for instance, home, work or other known location. Theconfiguration and customization can be defined both globally as asystem-wide rule and on per individual basis when the subscriberregistered for this service. Customization can include scoring/LFCthreshold, known locations, and client notification methods (e.g., SMS,email).

In the case of wireless network, GPS enabled cellular phones require,for the most part, a clear line of site with the sky in order to acquireGPS location. Since that does not always happen (in case the cellularphone is in the subway or other obstructed location), the location ofthe cellular phone sometimes does not match the exact location of thebusiness. That is the reason the LBFP System compares both locationswithin a radius of X miles from such locations. (The number of X mileswill be determined once an LBFP System in a particular environment hasbeen through beta testing and becomes operational.) The X miles factoris also expected to vary in various geographical locations, such asrural locations versus large cities. Note also that there are cellularphones that can be located with means other than GPS. An example is thetriangulation of the cellular phone's signals with surrounding celltowers. To the LBFP System, the manner by which the carrier obtains themobile phone's location does not matter. The LBFP System will take intoaccount parameters provided by the carrier such as heading, speed,acquisition-time and location error (accuracy).

The invention has been described herein with reference to particularexemplary embodiments. Certain alterations and modifications may beapparent to those skilled in the art, without departing from the scopeof the invention. The exemplary embodiments are meant to beillustrative, not limiting of the scope of the invention, which isdefined by the appended claims.

I claim:
 1. A method for authenticating a transaction associated with auser's identity, wherein the user is associated with a mobile phone, andthe transaction is associated with a time and a location, comprising thesteps of: (A) requesting the user's authorization to be located via themobile phone; (B) receiving a notification that the user's identity hasbeen received by a card reader, wherein the card reader is at thelocation associated with the transaction, and comprises at least one of:a magnetic strip reader and a chip reader; (C) receiving apre-transaction location of the mobile phone and a time associated withthe pre-transaction location, wherein the pre-transaction location isdetermined via at least one of: GPS, Wi-Fi, antenna triangulation, andcellular base station ID; (D) receiving an assessment of thetransaction, wherein the assessment is based on a calculated timedifference and a calculated distance, wherein: (i) the calculated timedifference is the difference between the time associated with thetransaction and the time associated with the pre-transaction location ofthe mobile phone; and (ii) the calculated distance is the distancebetween the location associated with the transaction and thepre-transaction location of the mobile phone;  and (E) communicating adecision, the decision comprising allowing or preventing thetransaction, wherein the decision is based on at least the assessment.2. The method of claim 1, wherein the user's identity is associated witha number entered via the mobile phone, wherein the number is one of acredit card number and a debit card number.
 3. The method of claim 1,wherein the receiving step is preceded by a determination that the timeassociated with the pre-transaction location is not stale.
 4. The methodof claim 1, wherein the pre-transaction location is fresher than adifferent pre-transaction location of the mobile phone, and wherein thepre-transaction location and the different pre-transaction location arereceived after a prior transaction.
 5. The method of claim 4, whereinthe receiving step is preceded by a determination that the differentpre-transaction location is stale.
 6. The method of claim 1, wherein thecard reader is an ATM or is coupled to a cash register.
 7. The method ofclaim 1, wherein the pre-transaction location of the mobile phone isstored on the mobile phone.
 8. The method of claim 1, wherein thepre-transaction location is received from the mobile phone and stored ona remote database.
 9. The method of claim 1, further comprising the stepof, prior to the receiving the notification step, verifying anassociation between the user and the user's identity, wherein theverification is based on identifying information entered via the mobilephone and sent via the mobile phone.
 10. The method of claim 1, whereinthe mobile phone and the user's identity have become associated after asuccessful verification that has occurred prior to the receiving of thenotification.
 11. The method of claim 10, wherein the successfulverification comprises the steps of: (i) sending to the mobile phone afirst message comprising a numerical sequence; and (ii) receiving fromthe mobile phone a second message comprising the numerical sequence. 12.The method of claim 1, wherein the pre-transaction location of themobile phone is updated at predetermined intervals.
 13. The method ofclaim 1, wherein the pre-transaction location has been updatedautomatically prior to the receiving the notification step based on achange in the location of the mobile phone.
 14. The method of claim 13,wherein the change in the location of the mobile phone movement isdetermined by an inertial navigation system associated with the mobilephone.
 15. The method of claim 2, wherein the association of the mobilephone and the user is verified, prior to the receiving the notificationstep, based on identifying information entered via the mobile phone, andwherein the pre-transaction location is stored on a remote database. 16.A method for authenticating a transaction, wherein the transaction isassociated with a time, a location, and a user's identity being receivedby a card reader at the location, wherein the card reader comprises atleast one of: a magnetic strip reader and a chip reader, and wherein theuser is associated with a mobile phone, comprising the steps of: (A)receiving a pre-transaction location of the mobile phone and a timeassociated with the pre-transaction location, wherein thepre-transaction location is determined via at least one of: GPS, Wi-Fi,antenna triangulation, and cellular base station ID; (B) storing, priorto the time associated with the transaction, the pre-transactionlocation in a remote database; (C) calculating a time difference,wherein the time difference is based on the difference between the timeassociated with the transaction and the time associated with thepre-transaction location of the mobile phone; (D) calculating adistance, wherein, the distance is based on the distance between thelocation associated with the transaction and the pre-transactionlocation of the mobile phone; (E) calculating, based on the calculatedtime difference and the calculated distance, a score for thetransaction; and (F) receiving, from a financial institution associatedwith the user's identity, a decision, wherein the decision is based onat least the score and the decision comprises one of: allow thetransaction and prevent the transaction.
 17. The method of claim 16,wherein the user's identity is associated with a number entered via themobile phone, wherein the number is one of a credit card number and adebit card number.
 18. The method of claim 16, wherein the receivingstep is preceded by a determination that the time associated with thepre-transaction location is not stale.
 19. The method of claim 16,wherein the pre-transaction location is fresher than a differentpre-transaction location of the mobile phone, and wherein thepre-transaction location and the different pre-transaction location arereceived after a prior transaction.
 20. The method of claim 19, whereinthe receiving step is preceded by a determination that the differentpre-transaction location is stale.
 21. The method of claim 16, whereinthe card reader is an ATM or is coupled to a cash register.
 22. Themethod of claim 16, wherein the pre-transaction location is receivedfrom the mobile phone.
 23. The method of claim 16, wherein theassociation of the mobile phone and the user is verified, prior to thetime associated with the transaction, based on identifying informationentered via the mobile phone.
 24. The method of claim 16, wherein themobile phone and the user's identity become associated after asuccessful verification, prior to the time associated with the pendingtransaction.
 25. The method of claim 24, wherein the successfulverification comprises the steps of: (i) sending to the mobile phone afirst message comprising a numerical sequence and (ii) receiving fromthe mobile phone a second message comprising the numerical sequence. 26.The method of claim 16, wherein the pre-transaction location has beenautomatically updated prior to the time associated with the transaction,based on a change in the location of the mobile phone.
 27. The method ofclaim 26, wherein the change in the location of the mobile phone isdetermined by an inertial navigation system associated with the mobilephone.
 28. The method of claim 16, wherein the pre-transaction locationis received from the mobile phone following the user's authorization toshare the location of the mobile phone, and is fresher than a differentpre-transaction location of the mobile phone.
 29. The method of claim 1,wherein the pre-transaction location of the mobile phone is updated atpredetermined intervals.
 30. A method for authenticating a transactionassociated with a user's identity, wherein the user is associated with amobile phone, and the transaction is associated with a time and alocation, comprising the steps of: (A) requesting the user'sauthorization to be located via the mobile phone; (B) receiving apre-transaction location of the mobile phone and a time associated withthe pre-transaction location, wherein the pre-transaction location isdetermined via at least one of: GPS, Wi-Fi, antenna triangulation, andcellular base station ID; (C) prior to the time associated with thetransaction, verifying an association between the mobile phone and theuser's identity, wherein the verification is based on identifyinginformation entered by the user via the mobile phone and sent via themobile phone; (D) calculating a time difference, wherein the timedifference is based on the difference between the time associated withthe transaction and the time associated with the pre-transactionlocation of the mobile phone; (E) calculating a distance, wherein thedistance is based on the distance between the location associated withthe transaction and the pre-transaction location of the mobile phone;and (F) based on at least the calculated time difference and calculateddistance, generating a decision regarding the transaction, the decisioncomprising one of allowing the transaction and preventing thetransaction.